diff --git a/0712-iscsi-look-for-pkg-config-file-too.patch b/0712-iscsi-look-for-pkg-config-file-too.patch index 8c60ee3..51a3bdc 100644 --- a/0712-iscsi-look-for-pkg-config-file-too.patch +++ b/0712-iscsi-look-for-pkg-config-file-too.patch @@ -1,6 +1,7 @@ +From 868600d91f1c165cdd91f293870af0ca351c6025 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini -Subject: [PATCH 3/6] iscsi: look for pkg-config file too -Date: Tue, 5 Mar 2013 18:05:22 +0100 +Date: Fri, 22 Feb 2013 18:14:28 +0100 +Subject: [PATCH] iscsi: look for pkg-config file too Due to library conflicts, Fedora will have to put libiscsi in /usr/lib/iscsi. Simplify configuration by using a pkg-config @@ -9,15 +10,16 @@ to add it has been sent to upstream libiscsi as well. Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini +(cherry picked from commit 3c33ea9640758bb625e110a77673e5abfd184e54) --- configure | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/configure b/configure -index 2f98c5a..a9a7c99 100755 +index 6af2806..12d506c 100755 --- a/configure +++ b/configure -@@ -2803,7 +2803,13 @@ if test "$libiscsi" != "no" ; then +@@ -2632,7 +2632,13 @@ if test "$libiscsi" != "no" ; then #include int main(void) { iscsi_unmap_sync(NULL,0,0,0,NULL,0); return 0; } EOF @@ -32,5 +34,3 @@ index 2f98c5a..a9a7c99 100755 libiscsi="yes" LIBS="$LIBS -liscsi" else --- -1.8.1.2 diff --git a/0718-ehci-Don-t-access-packet-after-freeing-it.patch b/0718-ehci-Don-t-access-packet-after-freeing-it.patch index 1dcdb62..0e4ec92 100644 --- a/0718-ehci-Don-t-access-packet-after-freeing-it.patch +++ b/0718-ehci-Don-t-access-packet-after-freeing-it.patch @@ -1,7 +1,7 @@ -From 9c8576aeca2d65e17748dc137f0e9abeb2959604 Mon Sep 17 00:00:00 2001 +From c6e419cb392d9e1cca5de66da2be7cb53277bf85 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Wed, 14 Nov 2012 16:21:36 +0000 -Subject: [PATCH 718/719] ehci: Don't access packet after freeing it +Subject: [PATCH] ehci: Don't access packet after freeing it ehci_state_writeback() will free the packet, so we should not access the packet after calling ehci_state_writeback(). @@ -35,6 +35,3 @@ index 46f6d99..4229061 100644 /* state_writeback recurses into us with async == EHCI_ASYNC_NONE!! */ return; } --- -1.8.1.4 - diff --git a/0719-ehci-Fixup-q-qtdaddr-after-cancelling-an-already-com.patch b/0719-ehci-Fixup-q-qtdaddr-after-cancelling-an-already-com.patch index 2313ba3..c90bee1 100644 --- a/0719-ehci-Fixup-q-qtdaddr-after-cancelling-an-already-com.patch +++ b/0719-ehci-Fixup-q-qtdaddr-after-cancelling-an-already-com.patch @@ -1,8 +1,8 @@ -From f0a3e522543763cc5126283031309fdf6f8787c2 Mon Sep 17 00:00:00 2001 +From b4d71f364924655c47f7e54a9726e303c91978d1 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Wed, 14 Nov 2012 16:21:37 +0000 -Subject: [PATCH 719/719] ehci: Fixup q->qtdaddr after cancelling an already - completed packet +Subject: [PATCH] ehci: Fixup q->qtdaddr after cancelling an already completed + packet This avoids the q->qtdaddr == p->qtdaddr asserts we have triggering, when a queue contains multiple completed packages when we cancel the queue. @@ -44,6 +44,3 @@ index 4229061..6be11c5 100644 ehci_set_state(q->ehci, q->async, state); /* state_writeback recurses into us with async == EHCI_ASYNC_NONE!! */ return; --- -1.8.1.4 - diff --git a/0720-ehci_free_packet-Discard-finished-packets-when-the-q.patch b/0720-ehci_free_packet-Discard-finished-packets-when-the-q.patch index 87c7818..6f147a6 100644 --- a/0720-ehci_free_packet-Discard-finished-packets-when-the-q.patch +++ b/0720-ehci_free_packet-Discard-finished-packets-when-the-q.patch @@ -1,4 +1,4 @@ -From 2d608503da16560546ed6c0f04cac87601856412 Mon Sep 17 00:00:00 2001 +From 22df2caa52abc0df20709de04791d49f83792fd7 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Fri, 5 Apr 2013 12:05:49 +0200 Subject: [PATCH] ehci_free_packet: Discard finished packets when the queue is @@ -75,6 +75,3 @@ index 6be11c5..6a787aa 100644 usb_packet_unmap(&p->packet, &p->sgl); qemu_sglist_destroy(&p->sgl); } --- -1.8.2 - diff --git a/0721-hw-arm_sysctl-Clear-sysctl-cfgctrl-start-bit.patch b/0721-hw-arm_sysctl-Clear-sysctl-cfgctrl-start-bit.patch new file mode 100644 index 0000000..068c13a --- /dev/null +++ b/0721-hw-arm_sysctl-Clear-sysctl-cfgctrl-start-bit.patch @@ -0,0 +1,27 @@ +From 3783ae2a82198962b1770b12db2dd3d67f400d7e Mon Sep 17 00:00:00 2001 +From: Christoffer Dall +Date: Wed, 30 Jan 2013 15:39:01 +0000 +Subject: [PATCH] hw/arm_sysctl: Clear sysctl cfgctrl start bit + +The start bit should only be set to indicate that a function call is +underway, right now. When done with function, clear it. + +Signed-off-by: Christoffer Dall +Signed-off-by: Peter Maydell +(cherry picked from commit 706872a56630a206897742b70c69ff99727672d3) +--- + hw/arm_sysctl.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/hw/arm_sysctl.c b/hw/arm_sysctl.c +index 5f1237b..98943cb 100644 +--- a/hw/arm_sysctl.c ++++ b/hw/arm_sysctl.c +@@ -330,6 +330,7 @@ static void arm_sysctl_write(void *opaque, target_phys_addr_t offset, + default: + s->sys_cfgstat |= 2; /* error */ + } ++ s->sys_cfgctrl &= ~(1 << 31); + return; + case 0xa8: /* SYS_CFGSTAT */ + if (board_id(s) != BOARD_ID_VEXPRESS) { diff --git a/0722-console-remove-DisplayAllocator.patch b/0722-console-remove-DisplayAllocator.patch new file mode 100644 index 0000000..60ed5ec --- /dev/null +++ b/0722-console-remove-DisplayAllocator.patch @@ -0,0 +1,372 @@ +From 82ffa03f372852a8e34775bf49a345a120b22be0 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Tue, 16 Apr 2013 17:06:56 +0200 +Subject: [PATCH] console: remove DisplayAllocator + +Causes [temporary] preformance regression with 24bpp vga modes @ sdl. + +Signed-off-by: Gerd Hoffmann + +Conflicts: + + console.h + ui/sdl.c +--- + console.c | 52 ++++++++++---------------- + console.h | 34 +++-------------- + qemu-common.h | 1 - + ui/sdl.c | 117 +++------------------------------------------------------- + 4 files changed, 31 insertions(+), 173 deletions(-) + +diff --git a/console.c b/console.c +index 314f5a5..13e4c0f 100644 +--- a/console.c ++++ b/console.c +@@ -1290,9 +1290,10 @@ static TextConsole *new_console(DisplayState *ds, console_type_t console_type) + return s; + } + +-static DisplaySurface* defaultallocator_create_displaysurface(int width, int height) ++DisplaySurface *qemu_create_displaysurface(DisplayState *ds, ++ int width, int height) + { +- DisplaySurface *surface = (DisplaySurface*) g_malloc0(sizeof(DisplaySurface)); ++ DisplaySurface *surface = g_new0(DisplaySurface, 1); + + int linesize = width * 4; + qemu_alloc_display(surface, width, height, linesize, +@@ -1300,13 +1301,15 @@ static DisplaySurface* defaultallocator_create_displaysurface(int width, int hei + return surface; + } + +-static DisplaySurface* defaultallocator_resize_displaysurface(DisplaySurface *surface, +- int width, int height) ++DisplaySurface *qemu_resize_displaysurface(DisplayState *ds, ++ int width, int height) + { + int linesize = width * 4; +- qemu_alloc_display(surface, width, height, linesize, ++ ++ trace_displaysurface_resize(ds, ds->surface, width, height); ++ qemu_alloc_display(ds->surface, width, height, linesize, + qemu_default_pixelformat(32), 0); +- return surface; ++ return ds->surface; + } + + void qemu_alloc_display(DisplaySurface *surface, int width, int height, +@@ -1319,7 +1322,7 @@ void qemu_alloc_display(DisplaySurface *surface, int width, int height, + surface->pf = pf; + if (surface->flags & QEMU_ALLOCATED_FLAG) { + data = g_realloc(surface->data, +- surface->linesize * surface->height); ++ surface->linesize * surface->height); + } else { + data = g_malloc(surface->linesize * surface->height); + } +@@ -1330,7 +1333,7 @@ void qemu_alloc_display(DisplaySurface *surface, int width, int height, + #endif + } + +-DisplaySurface* qemu_create_displaysurface_from(int width, int height, int bpp, ++DisplaySurface *qemu_create_displaysurface_from(int width, int height, int bpp, + int linesize, uint8_t *data) + { + DisplaySurface *surface = (DisplaySurface*) g_malloc0(sizeof(DisplaySurface)); +@@ -1347,28 +1350,24 @@ DisplaySurface* qemu_create_displaysurface_from(int width, int height, int bpp, + return surface; + } + +-static void defaultallocator_free_displaysurface(DisplaySurface *surface) ++void qemu_free_displaysurface(DisplayState *ds) + { +- if (surface == NULL) ++ trace_displaysurface_free(ds, ds->surface); ++ if (ds->surface == NULL) { + return; +- if (surface->flags & QEMU_ALLOCATED_FLAG) +- g_free(surface->data); +- g_free(surface); ++ } ++ if (ds->surface->flags & QEMU_ALLOCATED_FLAG) { ++ g_free(ds->surface->data); ++ } ++ g_free(ds->surface); + } + +-static struct DisplayAllocator default_allocator = { +- defaultallocator_create_displaysurface, +- defaultallocator_resize_displaysurface, +- defaultallocator_free_displaysurface +-}; +- + static void dumb_display_init(void) + { + DisplayState *ds = g_malloc0(sizeof(DisplayState)); + int width = 640; + int height = 480; + +- ds->allocator = &default_allocator; + if (is_fixedsize_console()) { + width = active_console->g_width; + height = active_console->g_height; +@@ -1398,18 +1397,6 @@ DisplayState *get_displaystate(void) + return display_state; + } + +-DisplayAllocator *register_displayallocator(DisplayState *ds, DisplayAllocator *da) +-{ +- if(ds->allocator == &default_allocator) { +- DisplaySurface *surf; +- surf = da->create_displaysurface(ds_get_width(ds), ds_get_height(ds)); +- defaultallocator_free_displaysurface(ds->surface); +- ds->surface = surf; +- ds->allocator = da; +- } +- return ds->allocator; +-} +- + DisplayState *graphic_console_init(vga_hw_update_ptr update, + vga_hw_invalidate_ptr invalidate, + vga_hw_screen_dump_ptr screen_dump, +@@ -1420,7 +1407,6 @@ DisplayState *graphic_console_init(vga_hw_update_ptr update, + DisplayState *ds; + + ds = (DisplayState *) g_malloc0(sizeof(DisplayState)); +- ds->allocator = &default_allocator; + ds->surface = qemu_create_displaysurface(ds, 640, 480); + + s = new_console(ds, GRAPHIC_CONSOLE); +diff --git a/console.h b/console.h +index 4334db5..755a537 100644 +--- a/console.h ++++ b/console.h +@@ -105,7 +105,6 @@ void kbd_put_keysym(int keysym); + + #define QEMU_BIG_ENDIAN_FLAG 0x01 + #define QEMU_ALLOCATED_FLAG 0x02 +-#define QEMU_REALPIXELS_FLAG 0x04 + + struct PixelFormat { + uint8_t bits_per_pixel; +@@ -165,18 +164,11 @@ struct DisplayChangeListener { + struct DisplayChangeListener *next; + }; + +-struct DisplayAllocator { +- DisplaySurface* (*create_displaysurface)(int width, int height); +- DisplaySurface* (*resize_displaysurface)(DisplaySurface *surface, int width, int height); +- void (*free_displaysurface)(DisplaySurface *surface); +-}; +- + struct DisplayState { + struct DisplaySurface *surface; + void *opaque; + struct QEMUTimer *gui_timer; + +- struct DisplayAllocator* allocator; + struct DisplayChangeListener* listeners; + + void (*mouse_set)(int x, int y, int on); +@@ -194,24 +186,11 @@ void qemu_alloc_display(DisplaySurface *surface, int width, int height, + PixelFormat qemu_different_endianness_pixelformat(int bpp); + PixelFormat qemu_default_pixelformat(int bpp); + +-DisplayAllocator *register_displayallocator(DisplayState *ds, DisplayAllocator *da); +- +-static inline DisplaySurface* qemu_create_displaysurface(DisplayState *ds, int width, int height) +-{ +- return ds->allocator->create_displaysurface(width, height); +-} +- +-static inline DisplaySurface* qemu_resize_displaysurface(DisplayState *ds, int width, int height) +-{ +- trace_displaysurface_resize(ds, ds->surface, width, height); +- return ds->allocator->resize_displaysurface(ds->surface, width, height); +-} +- +-static inline void qemu_free_displaysurface(DisplayState *ds) +-{ +- trace_displaysurface_free(ds, ds->surface); +- ds->allocator->free_displaysurface(ds->surface); +-} ++DisplaySurface *qemu_create_displaysurface(DisplayState *ds, ++ int width, int height); ++DisplaySurface *qemu_resize_displaysurface(DisplayState *ds, ++ int width, int height); ++void qemu_free_displaysurface(DisplayState *ds); + + static inline int is_surface_bgr(DisplaySurface *surface) + { +@@ -223,8 +202,7 @@ static inline int is_surface_bgr(DisplaySurface *surface) + + static inline int is_buffer_shared(DisplaySurface *surface) + { +- return (!(surface->flags & QEMU_ALLOCATED_FLAG) && +- !(surface->flags & QEMU_REALPIXELS_FLAG)); ++ return !(surface->flags & QEMU_ALLOCATED_FLAG); + } + + static inline void register_displaychangelistener(DisplayState *ds, DisplayChangeListener *dcl) +diff --git a/qemu-common.h b/qemu-common.h +index 15d9e4e..7d6e1a9 100644 +--- a/qemu-common.h ++++ b/qemu-common.h +@@ -254,7 +254,6 @@ typedef struct DriveInfo DriveInfo; + typedef struct DisplayState DisplayState; + typedef struct DisplayChangeListener DisplayChangeListener; + typedef struct DisplaySurface DisplaySurface; +-typedef struct DisplayAllocator DisplayAllocator; + typedef struct PixelFormat PixelFormat; + typedef struct TextConsole TextConsole; + typedef TextConsole QEMUConsole; +diff --git a/ui/sdl.c b/ui/sdl.c +index f6f711c..9e4a86e 100644 +--- a/ui/sdl.c ++++ b/ui/sdl.c +@@ -55,7 +55,6 @@ static int absolute_enabled = 0; + static int guest_cursor = 0; + static int guest_x, guest_y; + static SDL_Cursor *guest_sprite = NULL; +-static uint8_t allocator; + static SDL_PixelFormat host_format; + static int scaling_active = 0; + static Notifier mouse_mode_notifier; +@@ -117,108 +116,13 @@ static void do_sdl_resize(int width, int height, int bpp) + + static void sdl_resize(DisplayState *ds) + { +- if (!allocator) { +- if (!scaling_active) +- do_sdl_resize(ds_get_width(ds), ds_get_height(ds), 0); +- else if (real_screen->format->BitsPerPixel != ds_get_bits_per_pixel(ds)) +- do_sdl_resize(real_screen->w, real_screen->h, ds_get_bits_per_pixel(ds)); +- sdl_setdata(ds); +- } else { +- if (guest_screen != NULL) { +- SDL_FreeSurface(guest_screen); +- guest_screen = NULL; +- } +- } +-} +- +-static PixelFormat sdl_to_qemu_pixelformat(SDL_PixelFormat *sdl_pf) +-{ +- PixelFormat qemu_pf; +- +- memset(&qemu_pf, 0x00, sizeof(PixelFormat)); +- +- qemu_pf.bits_per_pixel = sdl_pf->BitsPerPixel; +- qemu_pf.bytes_per_pixel = sdl_pf->BytesPerPixel; +- qemu_pf.depth = (qemu_pf.bits_per_pixel) == 32 ? 24 : (qemu_pf.bits_per_pixel); +- +- qemu_pf.rmask = sdl_pf->Rmask; +- qemu_pf.gmask = sdl_pf->Gmask; +- qemu_pf.bmask = sdl_pf->Bmask; +- qemu_pf.amask = sdl_pf->Amask; +- +- qemu_pf.rshift = sdl_pf->Rshift; +- qemu_pf.gshift = sdl_pf->Gshift; +- qemu_pf.bshift = sdl_pf->Bshift; +- qemu_pf.ashift = sdl_pf->Ashift; +- +- qemu_pf.rbits = 8 - sdl_pf->Rloss; +- qemu_pf.gbits = 8 - sdl_pf->Gloss; +- qemu_pf.bbits = 8 - sdl_pf->Bloss; +- qemu_pf.abits = 8 - sdl_pf->Aloss; +- +- qemu_pf.rmax = ((1 << qemu_pf.rbits) - 1); +- qemu_pf.gmax = ((1 << qemu_pf.gbits) - 1); +- qemu_pf.bmax = ((1 << qemu_pf.bbits) - 1); +- qemu_pf.amax = ((1 << qemu_pf.abits) - 1); +- +- return qemu_pf; +-} +- +-static DisplaySurface* sdl_create_displaysurface(int width, int height) +-{ +- DisplaySurface *surface = (DisplaySurface*) g_malloc0(sizeof(DisplaySurface)); +- +- surface->width = width; +- surface->height = height; +- +- if (scaling_active) { +- int linesize; +- PixelFormat pf; +- if (host_format.BytesPerPixel != 2 && host_format.BytesPerPixel != 4) { +- linesize = width * 4; +- pf = qemu_default_pixelformat(32); +- } else { +- linesize = width * host_format.BytesPerPixel; +- pf = sdl_to_qemu_pixelformat(&host_format); +- } +- qemu_alloc_display(surface, width, height, linesize, pf, 0); +- return surface; ++ if (!scaling_active) { ++ do_sdl_resize(ds_get_width(ds), ds_get_height(ds), 0); ++ } else if (real_screen->format->BitsPerPixel != ds_get_bits_per_pixel(ds)) { ++ do_sdl_resize(real_screen->w, real_screen->h, ++ ds_get_bits_per_pixel(ds)); + } +- +- if (host_format.BitsPerPixel == 16) +- do_sdl_resize(width, height, 16); +- else +- do_sdl_resize(width, height, 32); +- +- surface->pf = sdl_to_qemu_pixelformat(real_screen->format); +- surface->linesize = real_screen->pitch; +- surface->data = real_screen->pixels; +- +-#ifdef HOST_WORDS_BIGENDIAN +- surface->flags = QEMU_REALPIXELS_FLAG | QEMU_BIG_ENDIAN_FLAG; +-#else +- surface->flags = QEMU_REALPIXELS_FLAG; +-#endif +- allocator = 1; +- +- return surface; +-} +- +-static void sdl_free_displaysurface(DisplaySurface *surface) +-{ +- allocator = 0; +- if (surface == NULL) +- return; +- +- if (surface->flags & QEMU_ALLOCATED_FLAG) +- g_free(surface->data); +- g_free(surface); +-} +- +-static DisplaySurface* sdl_resize_displaysurface(DisplaySurface *surface, int width, int height) +-{ +- sdl_free_displaysurface(surface); +- return sdl_create_displaysurface(width, height); ++ sdl_setdata(ds); + } + + /* generic keyboard conversion */ +@@ -955,7 +859,6 @@ void sdl_display_init(DisplayState *ds, int full_screen, int no_frame) + { + int flags; + uint8_t data = 0; +- DisplayAllocator *da; + const SDL_VideoInfo *vi; + char *filename; + +@@ -1029,14 +932,6 @@ void sdl_display_init(DisplayState *ds, int full_screen, int no_frame) + ds->cursor_define = sdl_mouse_define; + register_displaychangelistener(ds, dcl); + +- da = g_malloc0(sizeof(DisplayAllocator)); +- da->create_displaysurface = sdl_create_displaysurface; +- da->resize_displaysurface = sdl_resize_displaysurface; +- da->free_displaysurface = sdl_free_displaysurface; +- if (register_displayallocator(ds, da) == da) { +- dpy_resize(ds); +- } +- + mouse_mode_notifier.notify = sdl_mouse_mode_change; + qemu_add_mouse_mode_change_notifier(&mouse_mode_notifier); + diff --git a/0723-Add-f-FMT-format-FMT-arg-to-qemu-nbd.patch b/0723-Add-f-FMT-format-FMT-arg-to-qemu-nbd.patch new file mode 100644 index 0000000..4ac4b5d --- /dev/null +++ b/0723-Add-f-FMT-format-FMT-arg-to-qemu-nbd.patch @@ -0,0 +1,121 @@ +From 849967d707bb55bfbe93feae78969aaeb5e71dfd Mon Sep 17 00:00:00 2001 +From: "Daniel P. Berrange" +Date: Tue, 19 Mar 2013 11:20:20 +0000 +Subject: [PATCH] Add -f FMT / --format FMT arg to qemu-nbd + +Currently the qemu-nbd program will auto-detect the format of +any disk it is given. This behaviour is known to be insecure. +For example, if qemu-nbd initially exposes a 'raw' file to an +unprivileged app, and that app runs + + 'qemu-img create -f qcow2 -o backing_file=/etc/shadow /dev/nbd0' + +then the next time the app is started, the qemu-nbd will now +detect it as a 'qcow2' file and expose /etc/shadow to the +unprivileged app. + +The only way to avoid this is to explicitly tell qemu-nbd what +disk format to use on the command line, completely disabling +auto-detection. This patch adds a '-f' / '--format' arg for +this purpose, mirroring what is already available via qemu-img +and qemu commands. + + qemu-nbd --format raw -p 9000 evil.img + +will now always use raw, regardless of what format 'evil.img' +looks like it contains + +Signed-off-by: Daniel P. Berrange +[Use errx, not err. - Paolo] +Signed-off-by: Paolo Bonzini +Signed-off-by: Anthony Liguori +(cherry picked from commit e6b636779b51c97e67694be740ee972c52460c59) + +Conflicts: + qemu-nbd.c +--- + qemu-nbd.c | 20 ++++++++++++++++++-- + qemu-nbd.texi | 2 ++ + 2 files changed, 20 insertions(+), 2 deletions(-) + +diff --git a/qemu-nbd.c b/qemu-nbd.c +index 1c1cf6a..abf654e 100644 +--- a/qemu-nbd.c ++++ b/qemu-nbd.c +@@ -291,6 +291,7 @@ static void nbd_accept(void *opaque) + int main(int argc, char **argv) + { + BlockDriverState *bs; ++ BlockDriver *drv; + off_t dev_offset = 0; + uint32_t nbdflags = 0; + bool disconnect = false; +@@ -298,7 +299,7 @@ int main(int argc, char **argv) + char *device = NULL; + int port = NBD_DEFAULT_PORT; + off_t fd_size; +- const char *sopt = "hVb:o:p:rsnP:c:dvk:e:t"; ++ const char *sopt = "hVb:o:p:rsnP:c:dvk:e:f:t"; + struct option lopt[] = { + { "help", 0, NULL, 'h' }, + { "version", 0, NULL, 'V' }, +@@ -317,6 +318,7 @@ int main(int argc, char **argv) + { "aio", 1, NULL, QEMU_NBD_OPT_AIO }, + #endif + { "shared", 1, NULL, 'e' }, ++ { "format", 1, NULL, 'f' }, + { "persistent", 0, NULL, 't' }, + { "verbose", 0, NULL, 'v' }, + { NULL, 0, NULL, 0 } +@@ -335,6 +337,7 @@ int main(int argc, char **argv) + bool seen_aio = false; + #endif + pthread_t client_thread; ++ const char *fmt = NULL; + + /* The client thread uses SIGTERM to interrupt the server. A signal + * handler ensures that "qemu-nbd -v -c" exits with a nice status code. +@@ -429,6 +432,9 @@ int main(int argc, char **argv) + errx(EXIT_FAILURE, "Shared device number must be greater than 0\n"); + } + break; ++ case 'f': ++ fmt = optarg; ++ break; + case 't': + persistent = 1; + break; +@@ -529,9 +535,19 @@ int main(int argc, char **argv) + bdrv_init(); + atexit(bdrv_close_all); + ++ if (fmt) { ++ drv = bdrv_find_format(fmt); ++ if (!drv) { ++ errx(EXIT_FAILURE, "Unknown file format '%s'", fmt); ++ } ++ } else { ++ drv = NULL; ++ } ++ + bs = bdrv_new("hda"); + srcpath = argv[optind]; +- if ((ret = bdrv_open(bs, srcpath, flags, NULL)) < 0) { ++ ret = bdrv_open(bs, srcpath, flags, drv); ++ if (ret < 0) { + errno = -ret; + err(EXIT_FAILURE, "Failed to bdrv_open '%s'", argv[optind]); + } +diff --git a/qemu-nbd.texi b/qemu-nbd.texi +index 6955d90..70abfeb 100644 +--- a/qemu-nbd.texi ++++ b/qemu-nbd.texi +@@ -36,6 +36,8 @@ Export QEMU disk image using NBD protocol. + disconnect the specified device + @item -e, --shared=@var{num} + device can be shared by @var{num} clients (default @samp{1}) ++@item -f, --format=@var{fmt} ++ force block driver for format @var{fmt} instead of auto-detecting + @item -t, --persistent + don't exit on the last connection + @item -v, --verbose diff --git a/qemu.spec b/qemu.spec index 480a558..91e1ab2 100644 --- a/qemu.spec +++ b/qemu.spec @@ -109,7 +109,7 @@ Summary: QEMU is a FAST! processor emulator Name: qemu Version: 1.2.2 -Release: 10%{?dist} +Release: 11%{?dist} # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped Epoch: 2 License: GPLv2+ and LGPLv2+ and BSD @@ -549,6 +549,13 @@ Patch0717: 0717-qxl-Add-rom_size-compat-property-fix-migration-from-.patch Patch0718: 0718-ehci-Don-t-access-packet-after-freeing-it.patch Patch0719: 0719-ehci-Fixup-q-qtdaddr-after-cancelling-an-already-com.patch Patch0720: 0720-ehci_free_packet-Discard-finished-packets-when-the-q.patch +# Fix booting 3.8 kernels with qemu-system-arm (bz #922796) +Patch0721: 0721-hw-arm_sysctl-Clear-sysctl-cfgctrl-start-bit.patch +# Fix crash with -vga qxl, sdl, and F19 guest (bz #949126) +Patch0722: 0722-console-remove-DisplayAllocator.patch +# CVE-2013-1922: qemu-nbd block format auto-detection vulnerability (bz +# #952574, bz #923219) +Patch0723: 0723-Add-f-FMT-format-FMT-arg-to-qemu-nbd.patch BuildRequires: SDL-devel @@ -1385,6 +1392,13 @@ CAC emulation development files. %patch0718 -p1 %patch0719 -p1 %patch0720 -p1 +# Fix booting 3.8 kernels with qemu-system-arm (bz #922796) +%patch0721 -p1 +# Fix crash with -vga qxl, sdl, and F19 guest (bz #949126) +%patch0722 -p1 +# CVE-2013-1922: qemu-nbd block format auto-detection vulnerability (bz +# #952574, bz #923219) +%patch0723 -p1 %build @@ -1994,6 +2008,12 @@ getent passwd qemu >/dev/null || \ %{_libdir}/pkgconfig/libcacard.pc %changelog +* Sat Apr 20 2013 Cole Robinson - 2:1.2.2-11 +- Fix booting 3.8 kernels with qemu-system-arm (bz #922796) +- Fix crash with -vga qxl, sdl, and F19 guest (bz #949126) +- CVE-2013-1922: qemu-nbd block format auto-detection vulnerability (bz + #952574, bz #923219) + * Mon Apr 08 2013 Hans de Goede - 2:1.2.2-10 - Add an extra patch to really fix (bz #890320)